Vulnerabilities > Twilio

DATE CVE VULNERABILITY TITLE RISK
2024-07-02 CVE-2024-39891 Information Exposure Through Discrepancy vulnerability in Twilio Authy and Authy Authenticator
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024.
network
low complexity
twilio CWE-203
5.3
2020-09-10 CVE-2020-24655 Race Condition vulnerability in Twilio Authy 2-Factor Authentication 24.3.7
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).
local
high complexity
twilio CWE-362
5.1